Posts of last 24 hours
A vulnerability was found in Happyforms Plugin up to 1.26.12 on WordPress and classified as problematic. Affected by this issue is the function happyforms_get_form_partial of the component Form Builder. Such manipulation leads to file inclusion.
This vulnerability is traded as CVE-2025-11977. The attack may be launched remotely. There is no exploit available.
https://vuldb.com/vuln/377445
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out and take everything it controls.
The firm has confirmed one coordinated sweep on May 27
https://thehackernews.com/2026/07/attackers-exploit-ill-bloom.html
https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247520780&idx=2&sn=9b8a0e95210d1da2b0c48795c93a1024
https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247520780&idx=1&sn=be8775089a0a07f7d22f5bf267ee752b
NHS tells staff they could face prison for “inappropriate” access to patients’ medical records
https://www.infosecurity-magazine.com/news/nhs-warns-staff-unauthorized/
A vulnerability has been found in Eleveo Call Recording Software 9.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization.
This vulnerability appears as CVE-2026-15377. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/377444
A vulnerability, which was classified as critical, was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization.
This vulnerability is reported as CVE-2026-15376. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/377443
A vulnerability, which was classified as problematic, has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization.
This vulnerability is documented as CVE-2026-15375. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/377442
A vulnerability classified as critical was found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization.
This vulnerability is registered as CVE-2026-15374. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/377441
A vulnerability classified as critical has been found in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization.
This vulnerability is cataloged as CVE-2026-15373. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
https://vuldb.com/vuln/377440